View Full Version : [ MDKSA-2007:109 ] - Updated tetex packages fix vulnerabilities



security@mandriva.com
25/05/07, 11:22
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:109
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tetex
Date : May 23, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Buffer overflow in the gdImageStringFTEx function in gdft.c in the
GD Graphics Library 2.0.33 and earlier allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font.

Tetex 3.x uses an embedded copy of the gd source and may also be
affected by this issue (CVE-2007-0455).

A buffer overflow in the open_sty function for makeindex in Tetex
could allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename (CVE-2007-0650).

The updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGVMksmqjQ0CJFipgRAkWTAKCWgRWcpcIPEDTa+8u5Ls BXJPoEtACgvQQ0
1b4REuc8HJHUoOeZmtSmv8M=
=DyYa
-----END PGP SIGNATURE-----
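
A check a system owner can run against this advisory, as an added example that is not part of the original post or Mandriva's tooling: it compares an installed tetex build with the fixed build the advisory shipped for each affected release. The version-release pairs come from the advisory's package file names; the comparison is a simplified form of rpm's ordering that ignores epochs, and the "installed" values in the sample inventory are constructed. Only the tetex package itself is covered, not jadetex or xmltex.

```python
import re

# Fixed tetex builds per affected release (version, release), from the advisory.
FIXED_TETEX = {
    "2007.0": ("3.0", "18.2mdv2007.0"),
    "2007.1": ("3.0", "31.1mdv2007.1"),
    "Corporate 3.0": ("2.0.2", "14.6.C30mdk"),
    "Corporate 4.0": ("3.0", "12.4.20060mlcs4"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version or release strings as rpm does: returns -1, 0 or 1.
    Simplified: no epoch, tilde or caret handling (assumption of this example)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(release, installed_version, installed_release):
    """True if the installed tetex is at or above the advisory's fixed build."""
    fixed_version, fixed_release = FIXED_TETEX[release]
    order = rpmvercmp(installed_version, fixed_version)
    if order == 0:
        order = rpmvercmp(installed_release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed inventory, in the shape printed by:
    #   rpm -q --qf '%{VERSION} %{RELEASE}\n' tetex
    inventory = [("2007.0", "3.0", "18.1mdv2007.0"),
                 ("2007.1", "3.0", "31.1mdv2007.1"),
                 ("Corporate 3.0", "2.0.2", "14.5.C30mdk")]
    for rel, ver, tag in inventory:
        state = "patched" if is_patched(rel, ver, tag) else "needs update"
        print(f"{rel}: tetex-{ver}-{tag} {state}")
```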